DARPA taps RTX to strengthen cyber resiliency

Rhea-AI Summary

RTX's BBN Technologies has been awarded a DARPA contract for the Compartmentalization and Privilege Management (CPM) program. The company will develop the Analysis and Restructuring for Containment (ARC) tool to enhance cyber resilience by automatically subdividing software systems into secure compartments. This initiative addresses the critical need highlighted by over 12,000 cyber incidents in the U.S. Department of Defense since 2015. The ARC tool will focus on preventing unauthorized privilege escalations while maintaining system efficiency, implementing a balance between security and performance in critical software systems.

Positive

• Secured significant government contract with DARPA for cybersecurity development
• Addresses large market opportunity with over 12,000 DoD cyber incidents since 2015
• Leverages existing BBN capabilities in cybersecurity and software analysis

Negative

• None.

News Market Reaction

-1.24%

1 alert

-1.24% News Effect

On the day this news was published, RTX declined 1.24%, reflecting a mild negative market reaction.

Data tracked by StockTitan Argus on the day of publication.

RTX BBN Technologies to develop tool that compartmentalizes software systems to prevent escalation of cyberattacks

CAMBRIDGE, Mass., Nov. 7, 2024 /PRNewswire/ -- RTX's (NYSE: RTX) BBN Technologies was awarded a contract to support DARPA's Compartmentalization and Privilege Management, or CPM, program. The CPM program aims to enhance cyber resilience by automatically subdividing software systems into smaller, secure compartments, preventing initial breaches from escalating into successful cyberattacks while maintaining system efficiency.

According to the U.S. Government Accountability Office, the U.S. Department of Defense has experienced more than 12,000 cyber incidents since 2015. These incidents threaten personal privacy as well as national security. The most common exploit involves a hacker gaining access to a system and then taking advantage of coding errors that allow them to escalate their system privileges to gain access to sensitive data or to take control of the system.

Under CPM, BBN is developing the Analysis and Restructuring for Containment (ARC) tool to thwart unauthorized privilege escalations and lateral movements within software systems. ARC will be engineered to automatically analyze large code bases and construct smaller, secure compartments. By applying the principle of least privilege at a sub-program level, the tool will ensure that only the minimum access necessary is granted for code to execute. This approach to software security will significantly limit the scope of potential damage in the event of a successful infiltration of the software.

"Today's complex attack surfaces and increasingly sophisticated cyberattacks mean that even a single point of vulnerability can compromise an entire system," said Aaron Paulos, BBN principal investigator. "Our solution will enhance the security of critical software systems while preserving performance, which is essential for maintaining operational readiness. The goal is to create compartments that isolate risks, making systems more resistant to cyberattacks."

A key element of the program is the requirement to minimize the impact of compartmentalization on overall performance while producing secure, tight compartments. To achieve this, ARC will generate solutions that balance multiple objectives. For instance, some parts of software application will require performant access, while others might introduce significant exposure to risk. The tool will enable system administrators to selectively apply security measures to those areas deemed most critical, as a way of managing the trade-offs between performance and security.

ARC builds on several unique capabilities from BBN's prior work in cybersecurity and software analysis. The team intends to integrate capabilities that use:

• Automated program analysis to assess and identify potential threats in software, ensuring thorough evaluation and security.
• Verifiable program restructuring to improve security and controls, including adjustments to memory and function usage.
• Automated reasoning to develop effective security solutions by exploring different options and balancing performance with risk management.

The BBN-led team includes Northwestern University, George Washington University and Kestrel Institute. Work on the program will be completed in Cambridge, Massachusetts; Evanston, Illinois; Washington, D.C.; and Palo Alto, California.

This material is based upon work supported by the United States Air Force and DARPA under contract number FA8750-23-C-B031. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author and do not reflect the views of the United States Air Force and DARPA.

About RTX BBN Technologies
Founded in 1948, RTX BBN Technologies provides advanced technology research and development with a focus on national security priorities. From the ARPANET to the first email, through the first metro network protected by quantum cryptography, BBN consistently transitions advanced research to produce innovative solutions for its customers. BBN takes risks and challenges conventions to create solutions in analytics and machine intelligence, networks and sensors, intelligent software and systems, and physical sciences.

About RTX
With more than 185,000 global employees, RTX pushes the limits of technology and science to redefine how we connect and protect our world. Through industry-leading businesses – Collins Aerospace, Pratt & Whitney, and Raytheon – we are advancing aviation, engineering integrated defense systems for operational success, and developing next-generation technology solutions and manufacturing to help global customers address their most critical challenges. The company, with 2023 sales of $69 billion, is headquartered in Arlington, Virginia. 

For questions or to schedule an interview, please contact corporatepr@rtx.com

 

View original content:https://www.prnewswire.com/news-releases/darpa-taps-rtx-to-strengthen-cyber-resiliency-302298844.html

SOURCE RTX

FAQ

What is RTX developing for DARPA's CPM program?

RTX's BBN Technologies is developing the Analysis and Restructuring for Containment (ARC) tool to prevent unauthorized privilege escalations and lateral movements within software systems.

How many cyber incidents has the U.S. Department of Defense faced since 2015?

According to the U.S. Government Accountability Office, the U.S. Department of Defense has experienced more than 12,000 cyber incidents since 2015.

What universities are partnering with RTX on the DARPA CPM program?

RTX is partnering with Northwestern University, George Washington University, and Kestrel Institute on the DARPA CPM program.

What is the main purpose of RTX's ARC tool?

The ARC tool is designed to enhance cyber resilience by automatically subdividing software systems into smaller, secure compartments while maintaining system efficiency.